Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at

Advisory Archive

Date Rubygem Title CVE
2016-01-08 auto_select2 auto_select2 Gem for Ruby allows arbitrary search execution
2016-01-08 thor Command injection in Thor Gem 2016-10545
2016-01-04 colorscore colorscore Gem for Ruby lib/colorscore/histogram.rb Arbitrary Command Injection 2015-7541
2015-12-18 rack-attack rack-attack Gem for Ruby missing normalization before request path processing
2015-12-15 git-fastclone git-fastclone Shell Metacharacter Injection Arbitrary Command Execution 2015-8969
2015-12-15 nokogiri Nokogiri gem contains several vulnerabilities in libxml2 2015-5312
2015-12-11 git-fastclone git-fastclone permits arbitrary shell command execution from .gitmodules 2015-8968
2015-12-09 mail SMTP command injection 2015-9097
2015-12-09 mail SMTP command injection 2015-9097
2015-11-23 passenger Phusion Passenger Server allows to overwrite headers in some cases 2015-7519
2015-11-17 mustache-js-rails mustache.js - quoteless attributes in templates can lead to XSS
2015-10-24 mapbox-rails mapbox-rails Content Injection via TileJSON attribute
2015-09-20 gollum gollum Upload File Functionality Permits Arbitrary File Access 2015-7314
2015-09-17 devise-two-factor devise-two-factor 1.1.0 and earlier vulnerable to replay attacks 2015-7225
2015-08-24 handlebars-source handlebars.js - quoteless attributes in templates can lead to XSS
2015-07-28 spree Spree RABL templates rendering allows Arbitrary Code Execution and File Disclosure
2015-07-21 uglifier uglifier incorrectly handles non-boolean comparisons during minification
2015-07-20 spree Spree RABL templates rendering allows Arbitrary Code Execution and File Disclosure
2015-07-17 sidekiq-pro Sidekiq Pro Gem for Ruby CSRF in Job Filtering
2015-07-13 rack-cors rack-cors Gem Missing Anchor permits unauthorized CORS requests 2017-11173
2015-07-06 sidekiq Sidekiq Gem for Ruby Multiple Unspecified CSRF
2015-06-30 ruby-saml Ruby-Saml Gem is vulnerable to entity expansion attacks
2015-06-22 redcarpet redcarpet Gem for Ruby html.c header_anchor() Function Stack Overflow 2015-5147
2015-06-16 activesupport Possible Denial of Service attack in Active Support 2015-3227
2015-06-16 spina Cross-site request forgery (CSRF) vulnerability in Spina gem 2015-4619
2015-06-16 activesupport XSS Vulnerability in ActiveSupport::JSON.encode 2015-3226
2015-06-16 jquery-ujs CSRF Vulnerability in jquery-ujs 2015-1840
2015-06-16 web-console IP whitelist bypass in Web Console 2015-3224
2015-06-16 jquery-rails CSRF Vulnerability in jquery-rails 2015-1840
2015-06-16 rack Potential Denial of Service Vulnerability in Rack 2015-3225